CN104012025B - Physical layer processing of timestamps and MAC security - Google Patents

Physical layer processing of timestamps and MAC security Download PDF

Info

Publication number
CN104012025B
CN104012025B CN201280061674.1A CN201280061674A CN104012025B CN 104012025 B CN104012025 B CN 104012025B CN 201280061674 A CN201280061674 A CN 201280061674A CN 104012025 B CN104012025 B CN 104012025B
Authority
CN
China
Prior art keywords
bag
time
macsec
time stamp
transmitting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201280061674.1A
Other languages
Chinese (zh)
Other versions
CN104012025A (en
Inventor
布赖恩·布兰斯科姆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsemi Communications Inc
Original Assignee
Vitesse Semiconductor Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vitesse Semiconductor Corp filed Critical Vitesse Semiconductor Corp
Publication of CN104012025A publication Critical patent/CN104012025A/en
Application granted granted Critical
Publication of CN104012025B publication Critical patent/CN104012025B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/02Details
    • H04J3/06Synchronising arrangements
    • H04J3/0635Clock or time synchronisation in a network
    • H04J3/0685Clock or time synchronisation in a node; Intranode synchronisation
    • H04J3/0697Synchronisation in a packet node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/28Flow control; Congestion control in relation to timing considerations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/02Details
    • H04J3/06Synchronising arrangements
    • H04J3/0635Clock or time synchronisation in a network
    • H04J3/0638Clock or time synchronisation among nodes; Internode synchronisation
    • H04J3/0658Clock or time synchronisation among packet nodes
    • H04J3/0661Clock or time synchronisation among packet nodes using timestamps
    • H04J3/0667Bidirectional timestamps, e.g. NTP or PTP for compensation of clock drift and for compensation of propagation delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Communication Control (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A physical layer device provides both timestamp processing and security processing. The timestamp processing may be PTP processing according to IEEE Std. 1588 and/or OAM processing according to ITU-T Recommendation Y.1731. The security processing may be MACsec processing according to IEEE Std. 802.1AE. The timestamp processing may delay some packets to avoid impairing accuracy of timing information. For example, the accuracy of timing information could be impaired when a packet containing the timing information is delay due to additional bits added to a preceding packet to include a security tag and integrity check value.

Description

Time stamp and the physical layer process of MAC safeties
Background technology
The present invention generally relates to process the time stamp in communication bag, and more particularly, is related to process and connects comprising media Enter the time stamp in the communication network of control security.
Comprising time stab information can be favourable in some communication bags for the device in network in networked systems 's.Time stab information may indicate that when bag is launched by one of device or received.For example, time stab information can be used to make network In device between clock synchronization.Time stab information can also be used for operation in network, management and maintenance function.Electronics was opened already Send out the Several standard agreement of the bag for adding time stamp using Jing, for example, the Precision Time Protocol (PTP) of ieee standard 1588 and pass ITU-T in terms of Internet Protocol recommends Y.1731- operation, management and safeguards.
It is favourable to avoid the interception of information or the destruction of network operation from being alternatively to make at least some communication security in network 's.Some information it is decrypted protecting by being encrypted to it at the source of information and being located in its purpose.Its Its information can be by protecting comprising inspection value or digital signature, and the inspection value or digital signature allow reception device confirmation letter Breath has not yet been modified since it sends from discharger.A kind of agreement for increasing internet security is ieee standard Medium education (MAC) safety of 802.1AE.
For network, there is provided both safeties of time stab information and increase can be further favourable.However, safety Property measure can be by (for example) because affect time stab information with regard to the uncertain of timing information, in many cases, calmly When information should also undergo security measures.However, it can be difficulty to reduce impact of the security measures to timing information, particularly In the case where the bandwidth of communication system is not excessively reduced.
The content of the invention
Some aspects of the present invention provide a kind of method performed by the physical layer communication device implemented using electronic circuit, Methods described includes:Receive the bag for transmitting;Determine whether the bag is will to receive the bag that time stamp is processed;To connect in the bag In the case of the process of time receiving stamp, it is determined that indicating the bag to the value of the launch time of communication network;Time stamp will be received in the bag In the case of process, determine the packet delay Jing to avoid making the bag during subsequent treatment due to the MACsec of previous bag Process and be subjected to the time interval of variable delay;And launch the bag on the communication network.
Another aspect of the present invention provides a kind of by including comprising emitter, MACsec process blocks, time stamp process block and stream The method that the physical layer device (PHY) of the transmitting chain of control block is performed, methods described includes:Being buffered by the stream control block is used for The bag of transmitting;Determined for whether wrapping for transmitting to be to undergo the bag that time stamp is processed by the time stamp process block;By the time stamp Reason block provides the instruction of predicting launch time of the bag from the PHY for the bag for undergoing time stamp process;By described Time stamp process block makes the bag for undergoing time stamp process postpone to be sent out to reduce described prediction to the offer of the MACsec process blocks Penetrate the inaccuracy of time;MACsec is performed by the MACsec process blocks at least some bag in the bag to operate;And by The emitter launches the bag.
Another aspect of the present invention provides a kind of physical layer device, and it includes:Transmitting chain, its include transmitting stream control block, Transmitting time stamp process block, transmitting MACsec process blocks and emitter;Reception chain, its include receptor, receive MACsec process blocks, Receive time stamp process block and receive stream control block;And whether wherein described transmitting time stamp process block is configured to determine bag when undergoing Stamp process, and and be only defined as undergoing making in the case that time stamp is processed the bag to the transmitting process block in the coating There is provided and postpone.
Another aspect of the present invention provides a kind of physical layer device, and it includes:For receiving the component of the bag for transmitting; For determining whether the bag is will to receive the component of the bag that time stamp is processed;For the situation that time stamp is processed will to be received in the bag It is lower to determine the component for indicating the bag to the value of the launch time of communication network;For the feelings that time stamp is processed will to be received in the bag Determine the packet delay Jing under condition to avoid making the bag meet with because the MACsec of previous bag is processed during subsequent treatment By the component of the time interval of variable delay;And for launching the component of the bag on the communication network.
Another aspect of the present invention provides a kind of comprising at physical layer device (PHY), media access controller (MAC) and bag The arrangement, communications network of reason module, the PHY includes:For receiving the component of the bag for transmitting;For determine it is described bag be No is will to receive the component of the bag that time stamp is processed;To indicate that the bag is arrived in the case that time stamp is processed for will receive in the bag The value of the launch time of communication network is inserted into the component in the bag;For it will receive time stamp process in the bag in the case of Determine the packet delay Jing so that avoid making the bag be subjected to because the MACsec of previous bag is processed during subsequent treatment can Become the component of the time interval for postponing;And for launching the component of the bag on the communication network.
In terms of these and other of the present invention can be more fully understood after the present invention is checked.
Description of the drawings
Fig. 1 is the block diagram of physical layer communication device according to aspects of the present invention;
Fig. 2 is the block diagram of the transmission path of physical layer communication device according to aspects of the present invention;
Fig. 3 is the flow chart of the process for being used to dispose timing information according to aspects of the present invention;And
Fig. 4 is the block diagram of arrangement, communications network according to aspects of the present invention.
Specific embodiment
Fig. 1 is the block diagram of physical layer communication device (PHY) according to aspects of the present invention.The PHY is included to from logical The receiving block 100 of communication network receives input signal and the transmitting block 110 output signal to be transmitted into communication network.It is described In PHY can comprising local clock 121 to provide as the PHY when base and time value is fed to into receiving block and transmitting block.It is described Receiving block and transmitting block provide both time stamp is processed and MAC safeties (MACsec) are processed.The PHY is also included for being coupled to The interface block 131 of higher levels device (such as medium access control apparatus).In certain embodiments, in receiving block and interface block Between and signal path between transmitting block and interface block in can also include other process blocks.Generally implemented with electronic circuit The block of PHY.As those skilled in the art will understand, the PHY can be embodied as stand-alone device or be embodied as containing described The part of the higher level device of PHY or part thereof.For example, in one embodiment, the PHY is provided in integrated circuit In.Software programming may be used to control the operation of a certain circuit in PHY.Programmable processor may be used to configure PHY circuit and Dispose abnormal condition.
Transmitting block 110 generally receives bag for transmitting, buffers the bag, performs time stamp for appropriate bag and process, be directed to Appropriate bag performs MACsec and processes and launch the bag.In various embodiments, transmitting block also can perform in the transmitting chain of PHY Other functions of generally performing.In addition, in certain embodiments, transmitting block is additionally in response to receive by the request bag of receiving block 100 Effective PAUSE frames of the time-out of transmitting and for flow control purpose by wrap suspend.In the embodiment for being shown in FIG, transmitting Stream control block 113 performs the buffering of bag, and transmitting time stamp process block 115 performs time stamp and processes for appropriate bag, at transmitting MACsec Reason block 119 performs MACsec process for appropriate bag, and emitter 111 launches the bag.
Transmitting stream control block 113 is received to be treated the bag from PHY transmittings and buffers the bag.As demonstrated in Figure 1, transmitting stream control Clamp dog 113 is received from interface block 131 and wrapped.The transmitting stream control block buffers the bag, for example, with view of higher levels The speed of device and from the speed difference between the emission rate of transmitting block 110.For example, reception and transmitting can be in identical marks Claim generation under bit rate, but extra bits can be added to bag by transmitting MACsec process blocks 119, and this slows down bag transmitting.In addition, transmitting Time stamp process block 115 postpones can bag transmitting.Transmitting stream control block 113 can be from transmitting MACsec process blocks 119 and transmitting time stamp The instruction that the transmitting of the receiving data of process block 115 extends.Or, launching stream control block 113 can receive the finger that transmitting can proceed with Show.Transmitting stream control block 113 available signal notifies that higher levels device suspends or slows down and bag is fed to into PHY.In some enforcements In example, signalling is occurred by means of receiving block 100, wherein (for example) transmitting stream control block 113 provides signals to receive The reception stream control block 107 of chain.In addition, in certain embodiments, transmitting stream control block is in response to having been received by request bag transmitting Time-out PAUSE frames instruction and make bag transmitting postpone.However, in some of these embodiments, control bag It is not so delay.In various embodiments, stream control block is launched by means of interface block 131 from receiving block and/or from higher level Level is received and indicated.Bag time-out can be beneficial to into auxiliary for flow control purpose in calculating and before writing timestamp value in transmitting chain Help the accuracy for maintaining time stab information.
Buffered bag is received by transmitting time stamp process block 115.In some bags of transmitting time stamp process block 115 in the bag Instruction of the addition bag from the time of PHY transmittings.
For each bag received from transmitting stream control block 113, transmitting time stamp process block 115 (for example) is used in bag Address and label come whether determine the bag be will to be directed to bag that its execution time stamp is processed.Time stamp process is generally using as locally The time by transmitting bag indicated by clock 121.For various bags, the value that launch time can be inserted in bag, is added in bag Or deduct or be fed to higher level device from the value.
Transmitting time stamp process block 115 can be related to transmitting MACsec process blocks 119 and emitter 111 or at it by being based on In predicted delay and adjust the time value from local clock predicting launch time.In certain embodiments, time stamp is launched Process block can be directed to the bag for undergoing MACsec process to time value adjustment fixed amount.By the Jing in transmitting MACsec process blocks 119 Plus the delay that the bag of time stamp is subjected to may depend on which kind of process is transmitting MACsec process blocks 119 pairs perform in Qian Bao.Citing comes Say, position can be added in front bag and be performed in certain embodiments to the information of bag operation (act to launch MACsec process blocks 119 For example, encryption), this will make packet delay and postpones may the process of subsequent packet originally.Therefore, launch time stamp to process Block 115 can be made plus the bag of time stamp is fed to transmitting MACsec process blocks 119 and postpones and it is determined that considering institute during timestamp value State delay so that added position and/or other delays are not result in prolong the transmitting for reducing the accuracy for predicting launch time Late.In certain embodiments, all Jing add time stamp bag (but it is non-not plus time stamp bag) so postpone, but regardless of in transmitting chain Whether modification processed by MACsec in front bag or modification will have been processed by MACsec.In certain embodiments, undergo to add The bag of time stamp postpone can it is determined that bag will plus time stamp after but bag plus time stamp before perform so that it is determined that during timestamp value Without the concern for delay of the time stamp process block to wrapping.Transmitting time stamp process block 115 can also be signaled when packet delay is made to be sent out Jet vectoring block 113.
Transmitting MACsec process blocks 119 are received from time stamp process block 115 wraps.Transmitting MACsec process blocks 119 are for described Some bags in bag perform safety relevant treatment, for example, encrypt.For each bag received from transmitting time stamp process block 115, Transmitting MACsec process blocks 119 (for example) determine whether the bag is will to hold for it based on the address in bag and label The bag of row MACsec process.For undergo MACsec process bag, MACsec process generally by safety tag be added to bag and Produced using password integrity check values (ICV) and be added to it is described bag at receptor for verifying the bag Not yet changed.MACsec process can also be in encrypted packet effective load data.The addition of safety tag and ICV increases Jing The size of the bag of MACsec process so that bag below can be delayed by launch the time of extra bits and possible also due to (lifting For example) time needed for encryption and be delayed by.Postponing for being subjected to can be between the bag of offer to MACsec process blocks Gap change, wherein it is described postpone between bag gap increase and reduce.For example, if bag below and Jing The bag of MACsec process separates minimum allowable clearance, then postpone for big, and if bag below and Jing MACsec process Bag separate at least described minimum allowable clearance and add by the bits number of MACsec process additions, then will not suffer from extra delay.
Emitter 111 is coupled to communication link (for example, other communication medias in fiber optic cables or communication network) To launch output signal.The process of emitter 111 carrys out the bag of spontaneous emission MACsec process blocks 119 to produce output signal.In many In embodiment, output signal is launched according to reference format (for example, ethernet standard).
Receiving block 100 generally comprises the block of the block corresponding to transmitting block 110.Receptor 101 is coupled to communication link (citing For, another fiber optic cables in communication network) and receives input signal whereby.In many examples, according to for come The identical reference format receives input signal of the output signal of spontaneous emitter 111.Receptor 101 processes input signal with from institute State input signal to recover data and produce packet.In various embodiments, receptor 101 is also (for example) by determining Receive frame delimiter signal or frame synchronizing signal to determine the beginning of bag.
Receive MACsec process blocks 103 and receive bag from receptor 101.For each bag, receiving MACsec process blocks 103 can It is determined that whether bag undergoes MACsec process, and if it is then perform MACsec process for the bag.The MACsec process The integrity of bag is verified using the safety tag and ICV in the bag.The bag can also be decrypted.In certain embodiments, The reception MACsec process blocks perform extra MAC relevant treatment.For example, in certain embodiments, the reception MACsec process blocks also determine that whether receiving block 100 has been received by effective PAUSE frames.If it is then receiving MACsec process Block provide indicate receive effective PAUSE frames and indicate in most embodiments by PAUSE frames indicate ask time-out when Between length information signal.In certain embodiments directly and in certain embodiments by means of being delivered to receiving stream control Clamp dog 107 and provide signals to transmitting block 110.PAUSE frames are performed in PHY and receives relevant treatment (in particular, in reception Afterwards soon can be beneficial to) reduce the number of the bag launched after the PAUSE frames for receiving the time-out of request transmitting or be beneficial to Indicate to restart bag transmitting in the case of should no longer suspending bag transmitting earlier generally by means of null value in PAUSE frames.
For from each bag that MACsec process blocks 103 are received is received, receiving time stamp process block 105 (for example) and using Address and label in the bag is come whether determine the bag be will to be directed to bag that its execution time stamp is processed.Time stamp process generally profit With the time wrapped as described in receiving indicated by local clock 121.For various bags, the reception time can be inserted in bag, Be added to bag in value or higher level device is deducted or is fed to from the value.Receiving time stamp process block 105 can be based on receptor 101 And receive the delay in MACsec process blocks 103 and adjust time value from local clock with for use as the reception time.One In a little embodiments, time stamp process block is received for undergoing the bag of MACsec process based on the delay received in MACsec process blocks Fixed amount is adjusted to time value.
Receive stream control block 107 and receive bag and the bag is transmitted into into interface block 131 from time stamp process block 105 is received.Stream Control block 107 buffer it is described bag with match receive and launch between can be different speed.For example, in certain embodiments, Reception and transmitting can occur under same nominal bit rate but to differ different amounts of specific bit rate with nominal rate.In addition, Receiving stream control block 107 can be fed to higher level device by the signal for indicating the flow control in transmission path 110.In addition, one In a little embodiments, receive stream control block and receive with regard to receiving the signal of effective PAUSE frames from MACsec process blocks are received, and connect Receive stream control block the information of PAUSE frames to be provided to transmitting stream control block 113 and/or interface block 131 for higher levels process Use.
Local clock 121 it is the commonly provided synchronous or be tuned to another clock in communication network time value.In some realities In applying example, PHY can receive the time from the clock outside the PHY.
Fig. 2 is the block diagram of the transmission path of physical layer communication device according to aspects of the present invention.In certain embodiments, The transmission path can be the transmission path in the PHY of Fig. 1.Therefore, the transmission path of Fig. 2 is received for transmitting from higher level Bag and after the treatment by it is described bag be transmitted into communication link.Executable process is processed and MACsec process comprising time stamp.
Transmission path includes the stream control block 213 for receiving armed bag.The bag of stream control block 213 pairs carries out speed and delays Rush and be supplied to time stamp grader 215.Time stamp grader 215 determines whether the bag will receive time stamp and process and what is received The process of type.Time stamp computer 216 is calculated and the launch time related timestamp value wrapped, and time stamp write device 217 can be by Calculated timestamp value is written in the bag.MACsec graders 219 determine whether the bag will receive safety and process and connect Receive what type of process.MACsec cryptographic blocks 220 perform safety and process and the bag is fed to into emitter 211, launch Device 211 is by physical signalling output to communication link.
Transmitting stream control block or in certain embodiments same of the stream control block 213 similar to Fig. 1.Therefore, stream control Clamp dog 213 buffers its bag for receiving can be different between the transmitting from emitter 211 from the reception of higher levels device to match Speed.For example, the speed can be added due to the different tolerance limits between nominally equal speed, for safety process It is added to the position of bag or different for the delay of time stamp process addition.The available signal of stream control block 213 notifies higher levels device Suspend or slow down the bag for being applied to launch.
Time stamp packet classifier 215 according to by perform which kind of type (if there is) time stamp action come to bag classify. In one embodiment, bag is categorized as into one of five types.The first kind is included in transmission path will not receive time stamp The bag of process.Second Type includes the bag that will have the launch time value being written in bag.3rd type is included will be had in bag There is the bag of the time stamp by deducting launch time and being worth and change plus deviant.4th type is included to have in bag and passed through The bag of the time stamp for being worth plus launch time and changing plus deviant.5th type is included will be fed to will its launch time value The bag of higher level device.In certain embodiments, will be worth launch time using time stamp FIFO and be fed to higher level device.Can use The value of source address and destination-address in bag come to it is described bag classify.In certain embodiments, time stamp packet classifier 215 The value of address and/or label in bag is classified to the bag.For example, some bags in the bag can be containing void Intend LAN (VLAN) and/or multi protocol label exchanges the label of (MPLS).In addition, in certain embodiments, can be using in bag Contained message (such as Precision Time Protocol or operation, manage and safeguard message) is classified to the bag.Additionally, bag point Class can use the combination of bag characteristic.
Time stamp packet classifier 215 can make for the bag for being classified as reception processing to be fed to time stamp computer 216 and postpone.So And, in certain embodiments, delay can be provided after the write of time stamp, wherein (for example) time stamp write device 217 replaces Ground is provided and postponed and wherein this delay of the consideration of time stamp computer 216.The delay is to avoid launch time relative to timestamp value Change, its can due to MACsec process and occur.In one embodiment, time stamp packet classifier 215 makes to receive at time stamp The packet delay of reason is allowing the transmitting of the position of the maximum number that can be added to bag by the MACsec process in front bag and one Allow to be processed by the MACsec in front bag in a little embodiments and measure (for example, due to encryption institute the extra time for needing The extra time of cause).In another embodiment, packet delay is made to be provided as between bag in the bag of Jing plus time stamp and between Qian Bao At least minimum clearance adds the maximum number of digits purpose amount that can be added to for MACsec process in front bag.In many examples, when Stamp packet classifier 215 signals stream control block 213 when processing and making packet delay for time stamp.
Time stamp computer 216 depends on the classification of bag and produces new timestamp value.For many bag classification, time stamp computer 216 using the time value for being fed to time stamp computer 216.The time value can be by the clock of the local clock of the PHY of such as Fig. 1 Supply.Due to the specific part (ending that for example, the Ethernet of frame delimiter starts) of bag can be passed through when from emitter 211 enter communication link defines launch time, therefore time stamp computer 216 prolongs for expected in the subsequent block of transmission path Slow adjustment time value.In certain embodiments, time stamp computer adjusts fixed amount to time value with view of MACsec process.So And, due to the delay provided by time stamp packet classifier 215, time stamp computer 216 can be made the added-time in the time stamp packet classifier Accurate time stamps information is provided in the case of the packet delay of stamp and do not adjust by variable delay caused by MACsec process.Jing wherein Plus the bag of time stamp is delayed to allow after time stamp writes in the embodiment that the MACsec of front bag is processed, time stamp computer Also allow for the delay.
The position that time stamp write device 217 will can be written in bag from the new timestamp value of time stamp computer 216.Write Position may depend on the classification of the form of bag and time stamp process and change.For example, the position of PTP bags is correction field. In one embodiment, receive bag write device 107 and update in addition with inspection and the field write in the bag of timestamp value.
MACsec packet classifiers 219 are carried out point according to the safety for performing which kind of type (if there is) is processed to bag Class.For example, some bags can be classified as have the ICV added to allow the integrity checking of bag, and other bags can be divided Class is for encrypted, and other bags can be classified as not receive MACsec process.The source address and destination-address in bag can be used Value come to it is described bag classify.In certain embodiments, label of the MACsec packet classifiers 219 in bag be (for example VLAN or MPLS label) value to bag classify.Bag classification can use the combination of bag feature.Receive the bag tool that MACsec is processed There are the extra bits for being added to the bag, therefore the available signal of MACsec packet classifiers 219 notifies stream control block 213 so that it can Its bag received from higher level device is fully buffered, in some cases, will comprising the postponement of higher level device is signaled Bag is fed to transmission path.
MACsec cryptographic blocks 220 perform safety and process according to the classification provided by MACsec packet classifiers 219.Will safety Property label be added to receive safety process bag.Safety tag can be formatted according to ieee standard 802.1AE.Various bag tools Have added for described wrapping the integrity check values not yet changed for verifying at receptor.MACsec process can also add Effective load data in close bag.In addition, MACsec cryptographic blocks 220 can recalculate receive safety process bag inspection and Field.In certain embodiments, MACsec cryptographic blocks 220 are recalculated with the timestamp value write by time stamp write device 217 The inspection of bag and field.
Emitter 211 receives bag and is fed to output signal and is coupled to the logical of transmission path from MACsec cryptographic blocks 220 Letter link.Emitter or in certain embodiments same of the emitter 211 similar to Fig. 1.The block of transmission path can be simultaneously Ground to bag operate, wherein a part for the bag in one of described piece and another part of the bag at described piece The other of in.
Fig. 3 is the flow chart of the process for being used to dispose timing information according to aspects of the present invention.The process can be filled by PHY Put (for example, the device of Fig. 1) enforcement.
In block 302, the process receives the bag for transmitting.Can be from (for example, the media access control of higher level device Device processed) receive the bag.
In frame 312, the process determines whether the bag is will to receive the bag that time stamp is processed.Using the source ground in bag The value of location and destination-address is processed determining that whether the bag will receive time stamp.In certain embodiments, the process can profit With the value of the label (such as VLAN or MPLS label) in bag.In addition, in certain embodiments, the process can be using institute in bag The message for containing, such as Precision Time Protocol or operation, manage and safeguard message.Additionally, the process can utilize bag feature Combine to determine whether the bag is will to receive the bag that time stamp is processed.If the bag is will to receive the bag that time stamp is processed, then The process proceeds to frame 322;Otherwise, the process proceeds to frame 332.
In a block 322, the process processes the bag according to time stamp agreement.For example, the process will can be indicated When bag is transmitted into into the value of communication network to be inserted in the bag.Can by adjustment from the time value of clock compensating by wrapping The delay that is subjected to is determining launch time after time stamp process.For example, the bag can be by as show in Figure 1 MACsec process blocks and emitter in PHY and postpone such as the delay discussed with regard to frame 324.
In frame 324, the process lag is up to a time interval.It is described to postpone to determine to avoid making bag follow-up for Jing It is subjected to the length of the variable delay of the accuracy that the time stamp in a block 322 performing detraction is processed in process.For example, Jing is worked as During by the block transmitting bag for performing MACsec process, the packet delay can be made to depend on what is processed the MACsec in front bag execution Amount.In one embodiment, postpone length and be added in the individual position of the maximum number of front bag corresponding to MACsec process can be directed to Launch time.In another embodiment, delay length is corresponded to can be added to the maximum in front bag for MACsec process Time with the minimum clearance in front bag is provided after the position of number.In certain embodiments, the process is performing frame 322 Operation before perform the operation of frame 324, in this case, the operation of frame 322 will not be considered by prolonging that the operation of frame 324 is provided Late.
In frame 332, the process launches on the communication link bag.Can be by means of the block transmitting for performing MACsec process Bag.Hereafter the process is returned.
Fig. 4 is the block diagram of arrangement, communications network according to aspects of the present invention.Described device includes the first line card 401 and the Two line cards 411.First line card includes the PHY 403 for providing time stamp process and MACsec process.The PHY can be as referred to Fig. 1 Described PHY.The PHY is coupled to MAC 405, and MAC 405 is coupled to packet handing module 407.The operation of the first line card by Line card control process device 409 is controlled and monitored.Second line card 411 comprising corresponding blocks and in certain embodiments with the first line card phase Together.Fig. 4 shows two line cards, but a system can include more line cards.
The PHY 403,413 of the first line card 401 and the second line card 411 can include transmission path as described with reference to figure 2. The PHY provides time stamp and processes, its include the packet delay that makes Jing plus time stamp so that bag can be subjected to due to MACsec process can Become the accuracy for postponing not detract time stab information.
System card 441 is coupled to first and second line card.Switching Fabric 445 couples the line card and exchanges between line card Bag.The control of system control processor 443 and the operation of monitoring system card.
Although discussing the present invention with regard to various embodiments, it is to be understood that the present invention is propped up including this disclosure The novel and non-obvious claims held.

Claims (18)

1. a kind of method performed by the physical layer communication device implemented using electronic circuit, methods described is included:
Receive the bag for transmitting;
Determine whether the bag is will to receive the bag that time stamp is processed;
In the case where the bag will receive time stamp process, it is determined that indicating the bag to the value of the launch time of communication network;
In the case where the bag will receive time stamp process, the value for indicating the launch time is inserted in the bag;
In the case where the bag will receive time stamp process, it is determined that after the value of instruction launch time and instruction is described After the value of launch time is inserted in the bag, determine the packet delay Jing to avoid making described bag during subsequent treatment It is subjected to the time interval of variable delay because the medium education safety (MACsec) of previous bag is processed, wherein when described Between interval based on the launch time that MACsec processs be added to the individual position of maximum number of the previous bag can be directed to;And
Launch the bag on the communication network.
2. method according to claim 1, wherein the time interval for MACsec process corresponding to can be added to Time with the minimum clearance of the previous bag is provided after the position of the maximum number of the previous bag.
3. method according to claim 1, wherein receiving the bag from media access controller.
4. method according to claim 1, determines whether the bag is will to receive the bag utilization that time stamp is processed wherein described The value of source address and destination-address in the bag.
5. method according to claim 1, determines whether the bag is will to receive the bag utilization that time stamp is processed wherein described The value of the label in the bag.
6. method according to claim 1, it further includes to signal transmitting stream control when the packet delay is made Circuit processed.
7. method according to claim 1, wherein the MACsec is processed comprising safety tag is added to into the bag And integrity check values ICV are added to into the bag.
8. method according to claim 7, wherein the MACsec process further comprising in the encryption bag at least Effective load data.
9. method according to claim 1, it further includes that the value of the launch time by the bag is indicated is provided To higher levels device.
10. method according to claim 1, it further includes the value of the launch time by the bag is indicated In being inserted into the bag.
11. methods according to claim 1, it is further included:
It is determined that whether another bag for being received received from the communication network undergoes MACsec process;
Perform the MACsec process of received another bag;And
Time value from local clock is adjusted based on the delay performed when MACsec is processed described received another to provide The reception time of one bag.
12. methods according to claim 11, wherein adjusting fixed amount to the time value.
13. one kind by include comprising emitter, medium education safety (MACsec) process block, time stamp process block and stream control The method that the physical layer device PHY of the transmitting chain of clamp dog is performed, methods described includes:
Bag for transmitting is buffered by the stream control block;
Determined for whether wrapping for transmitting to be to undergo the bag that time stamp is processed by the time stamp process block;
By being sent out from predicting for the PHY for the bag offer bag for undergoing time stamp process by the time stamp process block Penetrate the instruction of time and process making the bag undergo time stamp, including by the predict launch time insertion bag, wherein described Predicted launch time is based on current time and the MACsec process blocks and the predicted delay in the emitter;
After time stamp process is carried out to the bag, by the time stamp process block by the bag of each Jing time stamp to the MACsec The offer of process block postpones a time interval to reduce the inaccuracy of the predicted launch time, wherein the time Sent out based on the position of the maximum number that can be added to corresponding previous bag in the bag of Jing time stamps for MACsec process at interval Penetrate the time;
MACsec is performed by the MACsec process blocks at least some bag in the bag to operate;And
The bag is launched by the emitter.
14. methods according to claim 13, wherein the instruction for predicting launch time of the bag is provided arriving Higher levels device.
15. methods according to claim 13, wherein providing the institute for predicting launch time of the bag in the bag State instruction.
16. methods according to claim 13, it further includes that providing data transmitting by the time stamp process block extends Instruction.
17. methods according to claim 13, wherein MACsec operations are described comprising integrity check values ICV are added to Bag.
18. methods according to claim 17, wherein MACsec data of the operation comprising the encryption bag.
CN201280061674.1A 2011-11-07 2012-11-07 Physical layer processing of timestamps and MAC security Active CN104012025B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201161556732P 2011-11-07 2011-11-07
US61/556,732 2011-11-07
PCT/US2012/063983 WO2013070797A1 (en) 2011-11-07 2012-11-07 Physical layer processing of timestamps and mac security

Publications (2)

Publication Number Publication Date
CN104012025A CN104012025A (en) 2014-08-27
CN104012025B true CN104012025B (en) 2017-04-19

Family

ID=48223645

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280061674.1A Active CN104012025B (en) 2011-11-07 2012-11-07 Physical layer processing of timestamps and MAC security

Country Status (4)

Country Link
US (1) US9282024B2 (en)
EP (1) EP2777211B1 (en)
CN (1) CN104012025B (en)
WO (1) WO2013070797A1 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8750189B2 (en) * 2011-01-06 2014-06-10 Lg Electronics Inc. Method and apparatus for transmitting or receiving system information in wireless communication system
US9553982B2 (en) * 2013-07-06 2017-01-24 Newvoicemedia, Ltd. System and methods for tamper proof interaction recording and timestamping
US9866339B1 (en) 2013-10-24 2018-01-09 Marvell Israel (M.I.S.L) Ltd. Method and apparatus for securing clock synchronization in a network
GB2536827B (en) 2014-05-09 2017-07-05 Imagination Tech Ltd Time stamp replication within a wireless network
CH709742A1 (en) * 2014-06-05 2015-12-15 Swisstradingbox Ag Trading system.
US20160135136A1 (en) * 2014-11-11 2016-05-12 Mediatek Inc. Joint Position Detection by Sensor Devices
CN111865906A (en) * 2015-07-17 2020-10-30 华为技术有限公司 Message transmission method, device and system
WO2017030550A1 (en) * 2015-08-17 2017-02-23 Hewlett Packard Enterprise Development Lp Confidence indicator of unreceived security message
CN106877960A (en) * 2015-12-14 2017-06-20 中国电力科学研究院 Synchronous method during a kind of strange land multiterminal digital-to-analogue emulation high accuracy pair
US9929928B1 (en) 2015-12-24 2018-03-27 Microsemi Solutions (U.S.), Inc. Packet transmitter and method for timestamping packets
CN105933086B (en) * 2016-07-01 2018-01-09 湖南恒茂高科股份有限公司 The method and apparatus that precision clock agreement is realized in media access control module
CN109644124B (en) * 2016-07-06 2021-12-07 瑞典爱立信有限公司 Transmission and reception of time stamp information
CN106851686B (en) * 2017-01-22 2020-03-31 郑州信工智能化系统有限公司 Method and system for realizing wireless MAC protocol with time compensation data acquisition
US10892972B2 (en) 2017-04-26 2021-01-12 Microsemi Storage Solutions, Inc. Scheduled network setup test method and system
US10887211B2 (en) * 2017-09-18 2021-01-05 Microsemi Storage Solutions, Inc. Indirect packet classification timestamping system and method
US11190528B2 (en) * 2017-11-28 2021-11-30 Avago Technologies International Sales Pte. Limited Light-weight mechanism for checking message integrity in data packets
US10574481B2 (en) * 2018-07-23 2020-02-25 Cisco Technology, Inc. Heterogeneous capabilities in an overlay fabric
EP3618315B1 (en) * 2018-08-28 2022-06-01 Rambus Inc. Network interface with timestamping and data protection
US20210092103A1 (en) * 2018-10-02 2021-03-25 Arista Networks, Inc. In-line encryption of network data
US11323437B1 (en) * 2019-07-09 2022-05-03 Juniper Networks, Inc. Monitoring a media access control security session
US11165527B2 (en) * 2019-12-20 2021-11-02 Juniper Networks, Inc. Time synchronization for encrypted traffic in a computer network
US11956160B2 (en) * 2021-06-01 2024-04-09 Mellanox Technologies, Ltd. End-to-end flow control with intermediate media access control security devices
US20220116373A1 (en) * 2021-12-22 2022-04-14 Choon Yip Soo Systems and methods for communicating encrypted time-related data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011109539A2 (en) * 2010-03-02 2011-09-09 Vitesse Semiconductor Corporation Distributed packet-based timestamp engine
EP2381622A1 (en) * 2010-04-23 2011-10-26 Alcatel Lucent Update of a cumulative residence time of a packet in a packet-switched communication network

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7797745B2 (en) * 2004-12-22 2010-09-14 Electronics And Telecommunications Research Institute MAC security entity for link security entity and transmitting and receiving method therefor
US8717932B2 (en) * 2006-11-29 2014-05-06 Broadcom Corporation Method and system for determining and securing proximity information over a network
US7886143B2 (en) * 2006-11-30 2011-02-08 Broadcom Corporation Multi-data rate cryptography architecture for network security
KR100897525B1 (en) * 2007-01-19 2009-05-15 한국전자통신연구원 Time-stamping apparatus and method for RTP Packetization of SVC coded video, RTP packetization system using that
US8325616B2 (en) * 2008-01-17 2012-12-04 Broadcom Corporation Method and system for determination and exchange of network timing information
US9112632B2 (en) * 2008-01-25 2015-08-18 Cisco Technology, Inc. Supporting efficient and accurate sync/followup timestamps
US7860125B2 (en) * 2008-01-28 2010-12-28 Cisco Techology, Inc. Flexible time stamping
US8102787B2 (en) * 2008-06-17 2012-01-24 Samsung Electronics Co., Ltd. MAC layer timestamping approach for emerging wireless sensor platform and communication architecture
KR101610270B1 (en) * 2008-08-22 2016-04-07 마벨 월드 트레이드 리미티드 Method and apparatus for integrating precise time protocol and media access control security in network elements
US8995289B2 (en) * 2009-03-04 2015-03-31 Broadcom Corporation Method and system for implementing energy efficient ethernet techniques in a MACSec enabled PHY
US8462674B2 (en) * 2009-06-04 2013-06-11 Broadcom Corporation Method and system for symmetric transmit and receive latencies in an energy efficient PHY
WO2014052972A1 (en) * 2012-09-28 2014-04-03 Vitesse Semiconductor Corporation High accuracy 1588 timestamping over high speed multi lane distribution physical code sublayers

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011109539A2 (en) * 2010-03-02 2011-09-09 Vitesse Semiconductor Corporation Distributed packet-based timestamp engine
EP2381622A1 (en) * 2010-04-23 2011-10-26 Alcatel Lucent Update of a cumulative residence time of a packet in a packet-switched communication network

Also Published As

Publication number Publication date
WO2013070797A1 (en) 2013-05-16
US20130114601A1 (en) 2013-05-09
EP2777211A1 (en) 2014-09-17
CN104012025A (en) 2014-08-27
US9282024B2 (en) 2016-03-08
EP2777211A4 (en) 2015-03-25
EP2777211B1 (en) 2020-09-16

Similar Documents

Publication Publication Date Title
CN104012025B (en) Physical layer processing of timestamps and MAC security
US8971352B2 (en) High accuracy 1588 timestamping over high speed multi lane distribution physical code sublayers
US9929928B1 (en) Packet transmitter and method for timestamping packets
US11689440B2 (en) Method and apparatus for transmit time timestamping
EP2976866B1 (en) Timestamp correction in a multi-lane communication link with skew
CN110868390B (en) Network interface with time stamping and data protection
US20020083317A1 (en) Security communication packet processing apparatus and the method thereof
CN102783079A (en) Distributed packet-based timestamp engine
US9647859B2 (en) System and method for link training of a backplane physical layer device operating in simplex mode
JP5720470B2 (en) Processing apparatus, test signal generating apparatus, and test signal generating method
CN106453625A (en) Information synchronization method and high-availability cluster system
CN108134777B (en) Communication encryption system based on timestamp
US9306695B2 (en) Frame transmitting apparatus, frame receiving apparatus, and frame transmission/reception system and method
US20240007367A1 (en) NETWORK INTERFACE SUPPORTING TIME SENSITIVE NETWORKS AND MACsec PROTECTION
WO2020087250A1 (en) Data sending method and apparatus, and flexe switching system
US20150220755A1 (en) Solution for security, safe and time integrity communications in automotive environments
JP2010062992A (en) Clock synchronization method and communication system
WO2019196319A1 (en) Token-based timestamp generation system and method
WO2021152740A1 (en) Network device, computing method and computer readable medium
JP2004180234A (en) Encrypted packet processing system
US20230072376A1 (en) Transmission of packets at specific transmit times with preemption
CN117614711A (en) Train safety communication method and device
JP2023519910A (en) Methods for handling data anomalies, especially in automobiles
EP3349399A1 (en) Message dropout minimization when transporting isochronous packets across a plesiochronous boundary
JP2004282443A (en) Data communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: Delaware

Applicant after: Vitesse Semiconductor Corporation

Address before: American California

Applicant before: Vitesse Semiconductor Corp.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: VITESSE SEMICONDUCTOR CORP. TO: MICROSEMI COMMUNICATIONS INC.

Free format text: CORRECT: ADDRESS; FROM:

GR01 Patent grant
GR01 Patent grant